package edu.scau.cxq.gp.sa_token;

import cn.dev33.satoken.interceptor.SaRouteInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * sa-token路由拦截式鉴权
 */
@Configuration
public class MySaTokenConfig implements WebMvcConfigurer {
    // 注册Sa-Token的拦截器
    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        // 注册路由拦截器，自定义认证规则
        registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> {

            // 登录认证 -- 拦截所有路由，并排除/user/doLogin 用于开放登录
            SaRouter.match("/**", "/user/log**", r -> StpUtil.checkLogin());

            // 角色认证 -- 拦截以 admin 开头的路由，必须具备 admin 角色或者 super-admin 角色才可以通过认证
            SaRouter.match("/user/**", "/user/log**", r -> StpUtil.checkRoleOr("super-admin"));
            SaRouter.match("/customer/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/goods/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/inventory/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/inventory-alert/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/record-in/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/record-out/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/supplier/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/supplier/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/warehouse/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/statistic/**", r -> StpUtil.checkRoleOr("super-admin", "warehouse-admin"));
            SaRouter.match("/report-script/**", r -> StpUtil.checkRoleOr("super-admin"));

//            // 权限认证 -- 不同模块认证不同权限
//            SaRouter.match("/user/**", () -> StpUtil.checkPermission("user"));
//            SaRouter.match("/customer/**", () -> StpUtil.checkPermission("customer"));
//            SaRouter.match("/goods/**", () -> StpUtil.checkPermission("goods"));
//            SaRouter.match("/inventory/**", () -> StpUtil.checkPermission("inventory"));
//            SaRouter.match("/inventory-alert/**", () -> StpUtil.checkPermission("inventory-alert"));
//            SaRouter.match("/record-in/**", () -> StpUtil.checkPermission("record-in"));
//            SaRouter.match("/record-out/**", () -> StpUtil.checkPermission("record_out"));
//            SaRouter.match("/supplier/**", () -> StpUtil.checkPermission("supplier"));
//            SaRouter.match("/warehouse/**", () -> StpUtil.checkPermission("warehouse"));

        })).addPathPatterns("/**");
    }
}










